Reconnecting to live updates…

Android Banker with Complete Device Takeover Capabilities

Severity: mediumType: malware

Rokarolla is an Android banking trojan distributed via malicious websites posing as popular apps like TikTok or Google Chrome. It targets 217 cryptocurrency and banking apps with 137 commands to control infected devices. The malware harvests lock screen credentials, contact lists, SMS data, and uses keyloggers and fraudulent overlays to steal banking information. It disables Google Play Protect, hijacks SMS and calls, manipulates clipboard content for cryptocurrency theft, and performs screen surveillance. Rokarolla maintains persistence by hiding its icon, muting audio, and keeping the screen active indefinitely.

AI Analysis

Technical Summary

Rokarolla is a sophisticated Android banking trojan that achieves full device takeover through a dropper impersonating Google Play Protect, which installs a secondary payload. It targets a wide range of cryptocurrency and banking applications using numerous commands to control the device. Its capabilities include stealing lock screen credentials, exfiltrating contacts and SMS, deploying keyloggers, blocking calls, creating overlay attacks to capture banking credentials and unlock patterns, disabling Google Play Protect, hijacking SMS and calls, manipulating clipboard data to steal cryptocurrency, and conducting snapshot-based screen surveillance. The malware ensures persistence by hiding its icon, muting device audio, and preventing the device from sleeping. Communication with its command and control infrastructure occurs over HTTPS.

Potential Impact

The malware can lead to theft of banking credentials and cryptocurrency by capturing sensitive user inputs and data. It compromises device security by disabling Google Play Protect and hijacking SMS and calls, potentially allowing attackers to bypass two-factor authentication. The persistent nature of the malware and its ability to monitor communications and manipulate clipboard content significantly increase the risk of financial loss and privacy breaches for affected users.

Mitigation Recommendations

No official patch or remediation guidance is provided. Users should avoid downloading applications from untrusted sources or websites impersonating legitimate apps. Since Rokarolla disables Google Play Protect and hides itself, users should consider using reputable mobile security solutions to detect and remove such malware. Monitoring for unusual device behavior and performing a factory reset if infection is suspected may be necessary. Patch status is not yet confirmed — check vendor advisories and security updates for Android devices regularly.

Indicators of Compromise

domain: morevoms.cfd
domain: abiorime.cfd
domain: blestorians.cfd
hash: 006c773fb376e69395d078fbfeb37845
hash: 0a91605c428936cc57079c82f58e5ab2
hash: 114377794c485b464a09d8a712fdf89a
hash: 12dd7582991eedb150605dc9b4df96d9
hash: 18bf467368ab5197320af4c776fcc1ff
hash: 2b68a1032a5da7fd5c6d917c757f1483
hash: 3b5b36bf3666a37e55cca68a617a8d27
hash: 41e46bdfac77abcce3fe5539e367eafb
hash: 493b92c3b3d73a5511ccd84bf578463e
hash: 4c8533c5231f023b8230abdf18d8750a
hash: 53e4e5d8733569615de08e88555809e8
hash: 59cf6e1d2b9fa977a99e20dcd9fe07f7
hash: 617a9505680f81c08cd8223e41393a03
hash: 6386b68eabc6360276f6fc88aade79e7
hash: 669d827d9f128959bc94797836ec2943
hash: 6ef6efc798600c1007d5196d488d1a16
hash: 78a1a18f78ebe666a82f22f54a9e2330
hash: 791ead6b2a562f777d70e594bbd86b52
hash: 86f30770dd116c9da42098f11f84ac46
hash: 8f92be9f524a636904721c2af49abb97
hash: 960eaa15382138938020c2e9907208bb
hash: 9a53a27511314d7f9571ce0eb7619f70
hash: 9d613c4da12345202913d67e6692c1b7
hash: a9127719338a0f4124660d1c90a03a5c
hash: b0833c924d43001be3e4534fa3e3d727
hash: c0bfc715aa0b6f9ff41fe5f22ade0c76
hash: dc2bec284f293d1a58f8c8a02d4e6c85
hash: e07e1ec214564d12c2f5aea847138232
hash: e5ef5bc4ccae37c4d041afdaaca9a784
hash: fefec424a52e88ef72e707c1f401df01
hash: 017923d2295bf92a9c1731c7457978b3f900f4cb
hash: 0bcad256c661a9de209d4d148901c51be1906896
hash: 153f0af2340a959ec0f431b795a979f48d5f712b
hash: 1dea2add161006bae979e542fc551fcfca1fc0aa
hash: 22ee22f4f8b163cbf4df4a7c4b37a90d036b2e0e
hash: 23c5b055bfc35ddc5316d96e3c1a6518ed2ce444
hash: 2658de23293a03bd077d46d75dfc83bca9525d29
hash: 2897379c58f6971e38d4717caf323b6ed9da7fd5
hash: 294943cf10d268d83ba8ffaa57ab38f340d5e1e1
hash: 3701b8dea3a2a852039834424fc214651bc97dac
hash: 45e0515694788ddeb0abb3dd2a86bbc967b1eeec
hash: 549ec32545e0accc26ec168a4832efcbff729c3c
hash: 61e6d6b8e46eb466be8f8cd772b283037d65e30c
hash: 62d67355c676d177381a9bf30e86980acddb898c
hash: 68cc04a6f8b8f8f602b58acc28a1d170fa653b0c
hash: 77ad9fc130a326010e527a279d7ead7b2a0c792c
hash: 7a2b4acbfa9d4907c0681e880977e8cdfb26ae62
hash: 7b088a7f9b99895b23c0bd243c84558f55e27a98
hash: 7e98337538437c4ab99105ae2e31d776d9c21590
hash: 886e568e4189d2f4ad912db54af82b1b6870f3a7
hash: 8d053559e1884e38bb13966d20003ffb34de8f6d
hash: 9650ee6d3d7eca38952cb2e6a264e0d6d5c63a76
hash: 99c13966aa82a1af216fc967c519eb1c77abbcfc
hash: b4512e7d743e3597f975ae47ca87a4afd5b3cb53
hash: c1fa081d0cd62005f69018171ae0397c44230cc8
hash: c43a50956de20d8afd5b3259add038b53cbaeeb7
hash: d781e4c217adec0d4f4e52ab70d747c2759cf968
hash: d9e6324d888754fee460a3577badd449f940e518
hash: dbbc915ba86e7b314e6082f735ed92d847dd1ef2
hash: e8daa78dca3287b2dd5ebb2ad1c202e869d1eed9
hash: 1ba364113c4cec5542d1b2c76d7c163a66bdf90bc373256d5178f880f9742960
hash: 1d3270a9141f8f16047799f1132633d72fd421b6c8f1878b5ef04ced6add4db8
hash: 1e4ed7e40608750cd0bfe96f5ed493a022b58ec54da2345336c522f7c78197af
hash: 1f4c70cb317ffd25adc828fbac3bb8f07739e23111f7b7905926489fe35f8973
hash: 2eb80e5519fc6defcec8cc30a5cf4f75ee5ec8d2435759bb77c19826f1e20efb
hash: 3c304a1ac73590aaf94b62711a5f2fd0cbb863dab13aef6ec1eb156f4a7bd5b9
hash: 3e25c28c5e93376683e841b7ad60f9383bb3bf831284a93a4aae798fc769d767
hash: 3fae7ede2ef9c809b54504c3d78e5111d7fad0b522c707b8f6ff21015af79251
hash: 43888be8debbbd74012484d4e4f9a1c70c2ff3970e0bf499c9aebba9776930a1
hash: 48a3db92fac1ba9c218253576e09f42faabeaf48cf80663cf32e06b0a66e983d
hash: 4e2cbefc6bdbfdb6e885057ce47d460e3d3355a5e97db51b22e9c5a14e14302b
hash: 5139253b1f30b34ab3aa888aba175866fa1f82728ab07b999c24b49b191c3f68
hash: 57307ee8a3cda10730eacecaf789fab6f8771f9d29397e07c31a6bd4551bba10
hash: 5d0c5d8da8202f512339457ae00ed2d9b9c930cefc63fa5a28a049aba4127ab7
hash: 62aef76c2d1897203649844b45317d9e1723819479a2b88ca4b3290ca9f4c9f0
hash: 696ef29f77a91aa91279c83088a07ab137d5049dc096ef862a35f9d890a552b3
hash: 726095e56c693977b7796dc7cead2e2a49551d77d3f442aaa28997615ba07e99
hash: 7aa389f25997610a96f014977eecd6d69142bdc63841e0d84976e3e621831303
hash: 890ecea4ebe4fea692ad36adf02abeb37c181cb7bdb6122cd52d9aaafe7d6cf3
hash: 8d65e4df0ad369f491698437413afd1bd55fff309860f9cdecc778c9ac062282
hash: 8ddbcebe1014a645855986e85b2c54ee167baf1e9a0d74179faf81a5ee6878f4
hash: 97e76acebea510c8641183866be4392601314b20e73c7ba8cf1f3ee2de6080fd
hash: 9a8ec3b21fdb4167f8fdd46f4d38b9a99ff2d3515ee70215438a1360c1474221
hash: a5e6763b09553691c8b42deefb725fa3b8c133a03a34cea87740b1f13d08bac3
hash: aec2a36e8d68b23444348a7cec2d6ec287cb8810d1e190e04743645426ababb1
hash: be8573971b85fda81a2fac27adb7a3a9b2cf7e1d9bdf713361a725324d378d34
hash: c08cd3f78c0edcced6b1a694284b6ed4a9e0422f469e07c702c4a8d1f6c186f4
hash: c3cfe522d2da15b033f65eb5377bf9e99be598dc4c21729e6f168dbc8f19540b
hash: c3e324106803df27f5b6e0d49d2daf02d4cde396af4401f1ad29d78198e370b6
hash: c505353a6c58a21cb7b0343202e8629bee2f121f01c21dd8e0b61b7c55b77495
hash: c734a665f04eb9ab17047e65940fc35bad0221d59c2fc4fd0d170f2181514034
hash: d6403ec82659eb62424bb1033615a8df27635080d02e438a4ee7e2334b1155f7
hash: d7d960ef10b08c472ad397b6fd9e9481338b2077c7c2f44d3dc2c65b19345ae0
hash: e134cffcbe1fa8a861fd1f9a506f10ca5ff56cd5082360ef13d204676792e8bc
hash: e76cbdf420540a18e2ddea02938acf3c4b4139f3511d314dca9781afe1e439bb
hash: ed036356fa2d3490d3ddb5ee7ae98bab80b505938f0199d9b10f12266f345896
hash: f0c18f045e3bb0193ef1169f5fa1abff7aa47e9a23da35cf67bbb9548a5e32c0
hash: f49be77b95cabd28d2dfe91786863576f6bd3f43a9d6de67a5b5851afe3aff9a
hash: f8cb375a4129358ad5881c29a6921fc1e5773028c0b31da83298f606118b185a
hash: fe41e6c1725f63582f022a17abe098e49338a78118a00ca87785b2fa0cf3dadf
url: https://abiorime.cfd
url: https://beralisvc.info
url: https://blestorians.cfd
url: https://morevoms.cfd
domain: beralisvc.info

Android Banker with Complete Device Takeover Capabilities

Severity: medium

Type: malware

Technical Summary

Potential Impact

Mitigation Recommendations

Indicators of Compromise

domain: morevoms.cfd
domain: abiorime.cfd
domain: blestorians.cfd
hash: 006c773fb376e69395d078fbfeb37845
hash: 0a91605c428936cc57079c82f58e5ab2
hash: 114377794c485b464a09d8a712fdf89a
hash: 12dd7582991eedb150605dc9b4df96d9
hash: 18bf467368ab5197320af4c776fcc1ff
hash: 2b68a1032a5da7fd5c6d917c757f1483
hash: 3b5b36bf3666a37e55cca68a617a8d27
hash: 41e46bdfac77abcce3fe5539e367eafb
hash: 493b92c3b3d73a5511ccd84bf578463e
hash: 4c8533c5231f023b8230abdf18d8750a
hash: 53e4e5d8733569615de08e88555809e8
hash: 59cf6e1d2b9fa977a99e20dcd9fe07f7
hash: 617a9505680f81c08cd8223e41393a03
hash: 6386b68eabc6360276f6fc88aade79e7
hash: 669d827d9f128959bc94797836ec2943
hash: 6ef6efc798600c1007d5196d488d1a16
hash: 78a1a18f78ebe666a82f22f54a9e2330
hash: 791ead6b2a562f777d70e594bbd86b52
hash: 86f30770dd116c9da42098f11f84ac46
hash: 8f92be9f524a636904721c2af49abb97
hash: 960eaa15382138938020c2e9907208bb
hash: 9a53a27511314d7f9571ce0eb7619f70
hash: 9d613c4da12345202913d67e6692c1b7
hash: a9127719338a0f4124660d1c90a03a5c
hash: b0833c924d43001be3e4534fa3e3d727
hash: c0bfc715aa0b6f9ff41fe5f22ade0c76
hash: dc2bec284f293d1a58f8c8a02d4e6c85
hash: e07e1ec214564d12c2f5aea847138232
hash: e5ef5bc4ccae37c4d041afdaaca9a784
hash: fefec424a52e88ef72e707c1f401df01
hash: 017923d2295bf92a9c1731c7457978b3f900f4cb
hash: 0bcad256c661a9de209d4d148901c51be1906896
hash: 153f0af2340a959ec0f431b795a979f48d5f712b
hash: 1dea2add161006bae979e542fc551fcfca1fc0aa
hash: 22ee22f4f8b163cbf4df4a7c4b37a90d036b2e0e
hash: 23c5b055bfc35ddc5316d96e3c1a6518ed2ce444
hash: 2658de23293a03bd077d46d75dfc83bca9525d29
hash: 2897379c58f6971e38d4717caf323b6ed9da7fd5
hash: 294943cf10d268d83ba8ffaa57ab38f340d5e1e1
hash: 3701b8dea3a2a852039834424fc214651bc97dac
hash: 45e0515694788ddeb0abb3dd2a86bbc967b1eeec
hash: 549ec32545e0accc26ec168a4832efcbff729c3c
hash: 61e6d6b8e46eb466be8f8cd772b283037d65e30c
hash: 62d67355c676d177381a9bf30e86980acddb898c
hash: 68cc04a6f8b8f8f602b58acc28a1d170fa653b0c
hash: 77ad9fc130a326010e527a279d7ead7b2a0c792c
hash: 7a2b4acbfa9d4907c0681e880977e8cdfb26ae62
hash: 7b088a7f9b99895b23c0bd243c84558f55e27a98
hash: 7e98337538437c4ab99105ae2e31d776d9c21590
hash: 886e568e4189d2f4ad912db54af82b1b6870f3a7
hash: 8d053559e1884e38bb13966d20003ffb34de8f6d
hash: 9650ee6d3d7eca38952cb2e6a264e0d6d5c63a76
hash: 99c13966aa82a1af216fc967c519eb1c77abbcfc
hash: b4512e7d743e3597f975ae47ca87a4afd5b3cb53
hash: c1fa081d0cd62005f69018171ae0397c44230cc8
hash: c43a50956de20d8afd5b3259add038b53cbaeeb7
hash: d781e4c217adec0d4f4e52ab70d747c2759cf968
hash: d9e6324d888754fee460a3577badd449f940e518
hash: dbbc915ba86e7b314e6082f735ed92d847dd1ef2
hash: e8daa78dca3287b2dd5ebb2ad1c202e869d1eed9
hash: 1ba364113c4cec5542d1b2c76d7c163a66bdf90bc373256d5178f880f9742960
hash: 1d3270a9141f8f16047799f1132633d72fd421b6c8f1878b5ef04ced6add4db8
hash: 1e4ed7e40608750cd0bfe96f5ed493a022b58ec54da2345336c522f7c78197af
hash: 1f4c70cb317ffd25adc828fbac3bb8f07739e23111f7b7905926489fe35f8973
hash: 2eb80e5519fc6defcec8cc30a5cf4f75ee5ec8d2435759bb77c19826f1e20efb
hash: 3c304a1ac73590aaf94b62711a5f2fd0cbb863dab13aef6ec1eb156f4a7bd5b9
hash: 3e25c28c5e93376683e841b7ad60f9383bb3bf831284a93a4aae798fc769d767
hash: 3fae7ede2ef9c809b54504c3d78e5111d7fad0b522c707b8f6ff21015af79251
hash: 43888be8debbbd74012484d4e4f9a1c70c2ff3970e0bf499c9aebba9776930a1
hash: 48a3db92fac1ba9c218253576e09f42faabeaf48cf80663cf32e06b0a66e983d
hash: 4e2cbefc6bdbfdb6e885057ce47d460e3d3355a5e97db51b22e9c5a14e14302b
hash: 5139253b1f30b34ab3aa888aba175866fa1f82728ab07b999c24b49b191c3f68
hash: 57307ee8a3cda10730eacecaf789fab6f8771f9d29397e07c31a6bd4551bba10
hash: 5d0c5d8da8202f512339457ae00ed2d9b9c930cefc63fa5a28a049aba4127ab7
hash: 62aef76c2d1897203649844b45317d9e1723819479a2b88ca4b3290ca9f4c9f0
hash: 696ef29f77a91aa91279c83088a07ab137d5049dc096ef862a35f9d890a552b3
hash: 726095e56c693977b7796dc7cead2e2a49551d77d3f442aaa28997615ba07e99
hash: 7aa389f25997610a96f014977eecd6d69142bdc63841e0d84976e3e621831303
hash: 890ecea4ebe4fea692ad36adf02abeb37c181cb7bdb6122cd52d9aaafe7d6cf3
hash: 8d65e4df0ad369f491698437413afd1bd55fff309860f9cdecc778c9ac062282
hash: 8ddbcebe1014a645855986e85b2c54ee167baf1e9a0d74179faf81a5ee6878f4
hash: 97e76acebea510c8641183866be4392601314b20e73c7ba8cf1f3ee2de6080fd
hash: 9a8ec3b21fdb4167f8fdd46f4d38b9a99ff2d3515ee70215438a1360c1474221
hash: a5e6763b09553691c8b42deefb725fa3b8c133a03a34cea87740b1f13d08bac3
hash: aec2a36e8d68b23444348a7cec2d6ec287cb8810d1e190e04743645426ababb1
hash: be8573971b85fda81a2fac27adb7a3a9b2cf7e1d9bdf713361a725324d378d34
hash: c08cd3f78c0edcced6b1a694284b6ed4a9e0422f469e07c702c4a8d1f6c186f4
hash: c3cfe522d2da15b033f65eb5377bf9e99be598dc4c21729e6f168dbc8f19540b
hash: c3e324106803df27f5b6e0d49d2daf02d4cde396af4401f1ad29d78198e370b6
hash: c505353a6c58a21cb7b0343202e8629bee2f121f01c21dd8e0b61b7c55b77495
hash: c734a665f04eb9ab17047e65940fc35bad0221d59c2fc4fd0d170f2181514034
hash: d6403ec82659eb62424bb1033615a8df27635080d02e438a4ee7e2334b1155f7
hash: d7d960ef10b08c472ad397b6fd9e9481338b2077c7c2f44d3dc2c65b19345ae0
hash: e134cffcbe1fa8a861fd1f9a506f10ca5ff56cd5082360ef13d204676792e8bc
hash: e76cbdf420540a18e2ddea02938acf3c4b4139f3511d314dca9781afe1e439bb
hash: ed036356fa2d3490d3ddb5ee7ae98bab80b505938f0199d9b10f12266f345896
hash: f0c18f045e3bb0193ef1169f5fa1abff7aa47e9a23da35cf67bbb9548a5e32c0
hash: f49be77b95cabd28d2dfe91786863576f6bd3f43a9d6de67a5b5851afe3aff9a
hash: f8cb375a4129358ad5881c29a6921fc1e5773028c0b31da83298f606118b185a
hash: fe41e6c1725f63582f022a17abe098e49338a78118a00ca87785b2fa0cf3dadf
url: https://abiorime.cfd
url: https://beralisvc.info
url: https://blestorians.cfd
url: https://morevoms.cfd
domain: beralisvc.info

Source: AlienVault OTX General

Published: Tue Jun 16 2026

Android Banker with Complete Device Takeover Capabilities

Medium

Malwarerokarolla cryptocurrency theft overlay attacks banking credentials accessibility abuse sms hijacking android trojan keylogger

Published: Tue Jun 16 2026 (06/16/2026, 14:27:52 UTC)

Source: AlienVault OTX General

Description

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 06/16/2026, 17:30:08 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Author: AlienVault
Tlp: white
References: ["https://zimperium.com/blog/rokarolla-android-banker-with-complete-device-takeover-capabilities"]
Adversary: null
Pulse Id: 6a315d684f0c09972ddea652
Threat Score: null

Indicators of Compromise

Domain

Value	Description	Copy
domainmorevoms.cfd	—
domainabiorime.cfd	—
domainblestorians.cfd	—
domainberalisvc.info	—

Hash

Value	Description	Copy
hash006c773fb376e69395d078fbfeb37845	—
hash0a91605c428936cc57079c82f58e5ab2	—
hash114377794c485b464a09d8a712fdf89a	—
hash12dd7582991eedb150605dc9b4df96d9	—
hash18bf467368ab5197320af4c776fcc1ff	—
hash2b68a1032a5da7fd5c6d917c757f1483	—
hash3b5b36bf3666a37e55cca68a617a8d27	—
hash41e46bdfac77abcce3fe5539e367eafb	—
hash493b92c3b3d73a5511ccd84bf578463e	—
hash4c8533c5231f023b8230abdf18d8750a	—
hash53e4e5d8733569615de08e88555809e8	—
hash59cf6e1d2b9fa977a99e20dcd9fe07f7	—
hash617a9505680f81c08cd8223e41393a03	—
hash6386b68eabc6360276f6fc88aade79e7	—
hash669d827d9f128959bc94797836ec2943	—
hash6ef6efc798600c1007d5196d488d1a16	—
hash78a1a18f78ebe666a82f22f54a9e2330	—
hash791ead6b2a562f777d70e594bbd86b52	—
hash86f30770dd116c9da42098f11f84ac46	—
hash8f92be9f524a636904721c2af49abb97	—
hash960eaa15382138938020c2e9907208bb	—
hash9a53a27511314d7f9571ce0eb7619f70	—
hash9d613c4da12345202913d67e6692c1b7	—
hasha9127719338a0f4124660d1c90a03a5c	—
hashb0833c924d43001be3e4534fa3e3d727	—
hashc0bfc715aa0b6f9ff41fe5f22ade0c76	—
hashdc2bec284f293d1a58f8c8a02d4e6c85	—
hashe07e1ec214564d12c2f5aea847138232	—
hashe5ef5bc4ccae37c4d041afdaaca9a784	—
hashfefec424a52e88ef72e707c1f401df01	—
hash017923d2295bf92a9c1731c7457978b3f900f4cb	—
hash0bcad256c661a9de209d4d148901c51be1906896	—
hash153f0af2340a959ec0f431b795a979f48d5f712b	—
hash1dea2add161006bae979e542fc551fcfca1fc0aa	—
hash22ee22f4f8b163cbf4df4a7c4b37a90d036b2e0e	—
hash23c5b055bfc35ddc5316d96e3c1a6518ed2ce444	—
hash2658de23293a03bd077d46d75dfc83bca9525d29	—
hash2897379c58f6971e38d4717caf323b6ed9da7fd5	—
hash294943cf10d268d83ba8ffaa57ab38f340d5e1e1	—
hash3701b8dea3a2a852039834424fc214651bc97dac	—
hash45e0515694788ddeb0abb3dd2a86bbc967b1eeec	—
hash549ec32545e0accc26ec168a4832efcbff729c3c	—
hash61e6d6b8e46eb466be8f8cd772b283037d65e30c	—
hash62d67355c676d177381a9bf30e86980acddb898c	—
hash68cc04a6f8b8f8f602b58acc28a1d170fa653b0c	—
hash77ad9fc130a326010e527a279d7ead7b2a0c792c	—
hash7a2b4acbfa9d4907c0681e880977e8cdfb26ae62	—
hash7b088a7f9b99895b23c0bd243c84558f55e27a98	—
hash7e98337538437c4ab99105ae2e31d776d9c21590	—
hash886e568e4189d2f4ad912db54af82b1b6870f3a7	—
hash8d053559e1884e38bb13966d20003ffb34de8f6d	—
hash9650ee6d3d7eca38952cb2e6a264e0d6d5c63a76	—
hash99c13966aa82a1af216fc967c519eb1c77abbcfc	—
hashb4512e7d743e3597f975ae47ca87a4afd5b3cb53	—
hashc1fa081d0cd62005f69018171ae0397c44230cc8	—
hashc43a50956de20d8afd5b3259add038b53cbaeeb7	—
hashd781e4c217adec0d4f4e52ab70d747c2759cf968	—
hashd9e6324d888754fee460a3577badd449f940e518	—
hashdbbc915ba86e7b314e6082f735ed92d847dd1ef2	—
hashe8daa78dca3287b2dd5ebb2ad1c202e869d1eed9	—
hash1ba364113c4cec5542d1b2c76d7c163a66bdf90bc373256d5178f880f9742960	—
hash1d3270a9141f8f16047799f1132633d72fd421b6c8f1878b5ef04ced6add4db8	—
hash1e4ed7e40608750cd0bfe96f5ed493a022b58ec54da2345336c522f7c78197af	—
hash1f4c70cb317ffd25adc828fbac3bb8f07739e23111f7b7905926489fe35f8973	—
hash2eb80e5519fc6defcec8cc30a5cf4f75ee5ec8d2435759bb77c19826f1e20efb	—
hash3c304a1ac73590aaf94b62711a5f2fd0cbb863dab13aef6ec1eb156f4a7bd5b9	—
hash3e25c28c5e93376683e841b7ad60f9383bb3bf831284a93a4aae798fc769d767	—
hash3fae7ede2ef9c809b54504c3d78e5111d7fad0b522c707b8f6ff21015af79251	—
hash43888be8debbbd74012484d4e4f9a1c70c2ff3970e0bf499c9aebba9776930a1	—
hash48a3db92fac1ba9c218253576e09f42faabeaf48cf80663cf32e06b0a66e983d	—
hash4e2cbefc6bdbfdb6e885057ce47d460e3d3355a5e97db51b22e9c5a14e14302b	—
hash5139253b1f30b34ab3aa888aba175866fa1f82728ab07b999c24b49b191c3f68	—
hash57307ee8a3cda10730eacecaf789fab6f8771f9d29397e07c31a6bd4551bba10	—
hash5d0c5d8da8202f512339457ae00ed2d9b9c930cefc63fa5a28a049aba4127ab7	—
hash62aef76c2d1897203649844b45317d9e1723819479a2b88ca4b3290ca9f4c9f0	—
hash696ef29f77a91aa91279c83088a07ab137d5049dc096ef862a35f9d890a552b3	—
hash726095e56c693977b7796dc7cead2e2a49551d77d3f442aaa28997615ba07e99	—
hash7aa389f25997610a96f014977eecd6d69142bdc63841e0d84976e3e621831303	—
hash890ecea4ebe4fea692ad36adf02abeb37c181cb7bdb6122cd52d9aaafe7d6cf3	—
hash8d65e4df0ad369f491698437413afd1bd55fff309860f9cdecc778c9ac062282	—
hash8ddbcebe1014a645855986e85b2c54ee167baf1e9a0d74179faf81a5ee6878f4	—
hash97e76acebea510c8641183866be4392601314b20e73c7ba8cf1f3ee2de6080fd	—
hash9a8ec3b21fdb4167f8fdd46f4d38b9a99ff2d3515ee70215438a1360c1474221	—
hasha5e6763b09553691c8b42deefb725fa3b8c133a03a34cea87740b1f13d08bac3	—
hashaec2a36e8d68b23444348a7cec2d6ec287cb8810d1e190e04743645426ababb1	—
hashbe8573971b85fda81a2fac27adb7a3a9b2cf7e1d9bdf713361a725324d378d34	—
hashc08cd3f78c0edcced6b1a694284b6ed4a9e0422f469e07c702c4a8d1f6c186f4	—
hashc3cfe522d2da15b033f65eb5377bf9e99be598dc4c21729e6f168dbc8f19540b	—
hashc3e324106803df27f5b6e0d49d2daf02d4cde396af4401f1ad29d78198e370b6	—
hashc505353a6c58a21cb7b0343202e8629bee2f121f01c21dd8e0b61b7c55b77495	—
hashc734a665f04eb9ab17047e65940fc35bad0221d59c2fc4fd0d170f2181514034	—
hashd6403ec82659eb62424bb1033615a8df27635080d02e438a4ee7e2334b1155f7	—
hashd7d960ef10b08c472ad397b6fd9e9481338b2077c7c2f44d3dc2c65b19345ae0	—
hashe134cffcbe1fa8a861fd1f9a506f10ca5ff56cd5082360ef13d204676792e8bc	—
hashe76cbdf420540a18e2ddea02938acf3c4b4139f3511d314dca9781afe1e439bb	—
hashed036356fa2d3490d3ddb5ee7ae98bab80b505938f0199d9b10f12266f345896	—
hashf0c18f045e3bb0193ef1169f5fa1abff7aa47e9a23da35cf67bbb9548a5e32c0	—
hashf49be77b95cabd28d2dfe91786863576f6bd3f43a9d6de67a5b5851afe3aff9a	—
hashf8cb375a4129358ad5881c29a6921fc1e5773028c0b31da83298f606118b185a	—
hashfe41e6c1725f63582f022a17abe098e49338a78118a00ca87785b2fa0cf3dadf	—

Url

Value	Description	Copy
urlhttps://abiorime.cfd	—
urlhttps://beralisvc.info	—
urlhttps://blestorians.cfd	—
urlhttps://morevoms.cfd	—

Threat ID: 6a3184df0b89be6888ea7769

Added to database: 6/16/2026, 5:16:15 PM

Last enriched: 6/16/2026, 5:30:08 PM

Last updated: 6/17/2026, 4:57:30 AM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited

View courses

Android Banker with Complete Device Takeover Capabilities

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Indicators of Compromise

Android Banker with Complete Device Takeover Capabilities

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Technical Details

Indicators of Compromise

Domain

Hash

Url

Community Reviews

Actions

External Links

Need more coverage?

Latest Threats

Check if your credentials are on the dark web

Lead Pen Test Professional

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility

Android Banker with Complete Device Takeover Capabilities

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Indicators of Compromise

Android Banker with Complete Device Takeover Capabilities

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Technical Details

Indicators of Compromise

Domain

Hash

Url

Community Reviews

Related Threats

ThreatFox IOCs for 2026-06-16

New Rokarolla Android malware targets 217 banking, crypto apps

Steam Workshop abused to spread malware via Wallpaper Engine app

Remus Stealer - 64bit evolution of Lumma

Potemkin Loader & RMMProject The Anatomy of a ClickFix Attack

Actions

External Links

Need more coverage?

Latest Threats

Check if your credentials are on the dark web

Lead Pen Test Professional

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility